The AWVN processes personal data in the context of its activities. The AWVN wants to meet the justified expectations of its employees, its members, its clients and their employees, and all other relations, assuring them that the AWVN protects their data as a valuable asset. To this end, the AWVN complies with the legislative and regulatory requirements, taking adequate technical and organisational measures to protect the personal data entrusted to it.
We find it especially important that our services are transparent, personal, and reliable. In this context, we believe that you have a right to know exactly which data we collect and how this is used and shared. This privacy statement applies to all personal data that we process in the context of your use of Preference-Next. We describe this in a clear manner in this privacy statement. With this privacy statement, the AWVN informs all users of Preference-Next about the way in which we process personal data when using Preference-Next. This privacy statement may be adapted from time to time if new developments give us cause to adapt it.
What is personal data?
According to the General Data Protection Regulation (GDPR), personal data is any information about an identified or identifiable natural person. This means that information directly relates to someone or can be traced back to this person.
Algemene Werkgeversvereniging Nederland (“AWVN”, the Dutch General Employers’ Association), with registered office at 12, Bezuidenhoutseweg, 2594 AV in The Hague, is responsible for the data that we receive from you, the user, within the meaning of the GDPR.
For which purposes do we process personal data?
We solely process personal data for specific, carefully determined purposes. We receive personal data directly from you because you use Preference-Next. Below we provide more information about the different purposes.
1. Customer service: handling questions/remarks/complaints
You can call or send e-mail or send messages through our website. To ensure that we can help you immediately, we use your personal data, such as your name, e-mail address, telephone number and employer. This is necessary for the conclusion or performance of an agreement (Article 6(1)(b) GDPR) and/or our legitimate interest (Article 6(1)(f) GDPR).
2. Prepare reports with your (reward) preferences for your employer
The Preference-Next tool helps your employer map out the (reward) preferences of its employees.
The basic premise is that your answers are aggregated and/or pseudonymised as much as possible. We do this by using an anonymity threshold. This anonymity threshold ensures that your employer gains an insight into the general (remuneration) preferences of a department, job group and/or age group. If the department, job group or age group is too small to meet the anonymity threshold, the data will be combined with another group to ensure anonymity. Your employer can only adjust the anonymity threshold upwards. We therefore do not report the results to your employer on a personal level.
When using Preference-Next and preparing reports, we use your data, such as your e-mail address, name, gender, preferences that you specify, department and/or position, duration of employment, age, and employer. The legal basis for this is the execution of the agreement that we have concluded with your employer (Article 6(1)(b) GDPR).
In a limited number of cases, the questionnaire can also provide an insight into data that give an indication about your job satisfaction, work pressure or the extent to which you feel your work is a burden and the possible consequences of this. We ask your consent for the processing of this data. The legal basis for this aspect of the processing is consent, which you give by agreeing to the processing of this data for this purpose by checking the checkbox for giving consent when you log in (Article 6(1)(a) GDPR).
You have the right to be duly informed about what we do with your data and why we need your data. We do this by means of this privacy statement. In addition to the right to be transparently informed, you have the following rights:
• right of access (if you want to know which data we collect about you)
• right to rectification (we adapt all data that is no longer correct)
• right to be forgotten (in some cases you can ask us to delete your data)
• right to restrict processing (in some cases you may request that we restrict processing of your data)
• right to data portability (if you want, we can transfer your data to another party or provide you with a copy of your data)
• right to object (in some cases you may object to the use of your data).
If you want to exercise one of your rights, contact us by email to firstname.lastname@example.org. We undertake to respond to your request within one month of receipt of your request. Prior to processing your request, we may request additional information to verify your identity.
If we require your consent
If we process your data based on consent, you have the right to withdraw this consent at any time. You can easily do this by sending an e-mail to email@example.com. If we have other basis for the data that we process on the basis of consent, we will no longer use this data and delete it.
With whom do we share this data and where do we store it?
We provide your data to third parties in a number of cases. E.g., data, processors that assist us with the processing of your data. In some cases, we may also be legally obliged to provide your data to a third party. E.g., government agencies. In all cases, we only share strictly necessary data. We will, however, never sell your data to third parties.
Data processors that assist us with the processing of your data may solely use your data on our behalf and for the performance of the relevant services that they provide to us. They are not permitted to independently use your data or pass it on to third parties.
We use various applications for obtaining and storing specific data. To safeguard your privacy, we rigorously select our suppliers. These applications are also subject to stringent rules. Most data is stored within the European Union.
For data that is processed outside the EU, we solely collaborate with parties that offer sufficient protection in accordance with European rules. In the event that we process your data outside the EU (possibly through our external service providers), we ensure adequate protection of your personal data. E.g., by means of special contracts to ensure this (e.g., EU Standard Contractual Clauses).
How long do we store your data?
We store your data for as long as necessary for the purpose for which we use your data and/or as long as the law obliges us to store this data. This depends on the purpose. From a few months to several years, e.g., for accounting purposes.
In any event, we will store your data for the duration of the agreement with your employer, unless you request that we delete your data by e-mail to firstname.lastname@example.org and we have no reason to store your data beyond this date.
How do we protect your data?
Pursuant to Article 32 of the GDPR, we are obliged to take appropriate technical and organisational measures to prevent the loss and/or unlawful processing of personal data.
We pay a lot of attention to the proper securing of personal data. (Personal) data that you enter on the website is encrypted when sending and (personal) data is sent through a secure connection.
All our employees and external service providers have signed a non-disclosure agreement. All information that you entrust to us is handled with care. That is why only certain employees have access to your data.
We maintain a high level of security for your data. The data is stored on a secure server, among others. Only people who have been given explicit permission to access this server have access to it. The building where this server is located is also properly secured.
Contact and complaints
If you have any questions about this privacy statement, please contact us at email@example.com.
If you have any complaints about the way in which we use your data or how we respond to privacy-related questions, please lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens).
The Hague, January 2022